This pretty clearly states the recipient's mailbox does not exist. This
kind of message is typically accurate.

Have we double-checked the recipient is not having a problem?

-----Original Message-----
From: Moritz Muehlenhoff [mailto:j...@inutil.org] 
Sent: Friday, August 21, 2009 14:41
To: Faidon Liambotis
Cc: 541...@bugs.debian.org; Giuseppe Iuculano; secur...@debian.org
Subject: Bug#541441: CVE-2009-2726: Asterisk SIP Channel Driver Denial of Service

On Fri, Aug 14, 2009 at 04:32:25PM +0300, Faidon Liambotis wrote:
> That's AST-2009-005[1], which mentions:
> 
> > Note that while this potential vulnerability has existed in Asterisk
> > for a very long time, it is only potentially exploitable in 1.6.1
> > and above, since those versions are the first that have allowed SIP
> > packets to exceed 1500 bytes total, which does not permit strings
> > that are large enough to crash Asterisk. (The number strings
> > presented to us by the security researcher were approximately 32,000
> > bytes long.)
> > 
> > Additionally note that while this can crash Asterisk, execution of 
> > arbitrary code is not possible with this vector.
> Hence, I don't think it warrants a security update for stable/oldstable.
> 
> Unstable is vulnerable though, I'll prepare a fix.

Thanks, added to the tracker.

Cheers,
        Moritz





